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DETAILED ACTION 
Election/Restrictions 

1 . Restriction to one of the following inventions was required under 35 U.S.C. 121 : 

I. Claims 1-10, drawn to a network having a intrusion protection system, 
classified in class 726, subclass 23. 

II. Claims 11-17, drawn to transmitting an update message to a subset of 
nodes of a plurality of network nodes, classified in class 713, subclass 
163. 

2. The inventions are distinct, each from the other because of the following reasons: 

Inventions listed as Group I, and Group II are related as subcombinations 
disclosed as usable together in a single combination. The 
subcombinations are distinct from each other if they are shown to be 
separately usable. 
In the instance case, invention has separate utility such as follows: 

Group I: A network having an intrusion protection system may update each node one at 

a time. 

Group II: A method of transmitting and executing an update message to a subset of 
nodes of a plurality of network nodes may be used to update nodes not running an 
intrusion protection system. See MPEP § 806.05(d). 

3. Because these inventions are distinct for the reasons given above and have 
acquired a separate status in the art as shown by their different classification, restriction 
for examination purposes as indicated is proper. 
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4. Because these inventions are distinct for the reasons given above and the 
search required for Group I is not required for Group II, restriction for examination 
purposes as indicated is proper. 

5. Because these inventions are distinct for the reasons given above and have 
acquired a separate status in the art because of their recognized divergent subject 
matter, restriction for examination purposes as indicated is proper. 

6. Applicant is reminded that upon the cancellation of claims to a non-elected 
invention, the inventorship must be amended in compliance with 37 CFR 1 .48(b) if one 
or more of the currently named inventors is no longer an inventor of at least one claim 
remaining in the application. Any amendment of inventorship must be accompanied by 
a request under 37 CFR 1 .48(b) and by the fee required under 37 CFR 1 .17(i). 

7. During a telephone conversation with a representative of Hewlett-Packard on 
behalf of L. Joy Griebenow on 19 September 2005 a provisional election was made 
without traverse to prosecute the invention of Group I, claims 1 -10. Affirmation of this 
election must be made by applicant in replying to this Office action. Claims 1 1 - 17 are 
withdrawn from further consideration by the examiner, 37 CFR 1.142(b), as being drawn 
to a non-elected invention. 

8. Claims 1-10 have been examined. Claims 11 - 17 are withdrawn from 
consideration. 

Information Disclosure Statement 

9. The information disclosure statements (IDS) submitted on 01 July 2003, 22 
September 2003 and 03 January 2005 were filed before the mailing date of the first 
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Office Action. The submission is in compliance with the provisions of 37 CFR 1.97. 
Accordingly, the information disclosure statements and Search Report are being 
considered by the examiner. 

Claim Objections 

10. Claim 1 is objected to because of the following infomnalities; 

© Recitation of "...a intrusion..."; "a" should be -an-. Appropriate 
correction is required. 

Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

11. Claim 5 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

12. Claim 5 recites the limitation "each" in line 25 when only "a management node" 
which implies one management node was disclosed in Claim 1. There is insufficient 
antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
states. 
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13. Claims 1-10 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Holloway, et al. in US Patent 5,905,859 (hereinafter US '859). 

As it pertains to Claim 1 , US '859 teaches: 
A network having a intrusion protection system (see column 2, lines 54 - 55), 
comprising: 

a network medium (see column 17, lines 66 - 67); 

a management node connected to the network medium and running an intrusion 
prevention system management application (see column 18, lines 32-33; where the 
network management station is the management node and it is inherent that a detection 
means application is running)] and 

a plurality of nodes connected to the network medium and running an instance of 
an intrusion protection system application (see Figure 16; where each managed hub 
signifies a node), at least one of the nodes having an identification assigned thereto 
based on a logical assignment grouping one or more of the plurality of nodes, each 
node sharing an identification being commonly vulnerable to at least one network exploit 
(see column 3, lines 4 - 5; where the MAC address is the ID and each node has an 
authorized address). 

For Claim 2, US '859 teaches: 
The network according to claim 1 , wherein the management node is operable to 
originate a security update that is transmitted to each node sharing the identification, 
any remaining nodes not sharing the identification being excluded from receiving the 
update (see column 8, lines 8 -10; where each nodes copies the group address). 
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For Claim 3, US *859 teaches: 
The network according to claim 1, wherein a plurality of identifications are respectively 
assigned to one or more of the plurality of nodes (see Figure 16; where each hub is in a 
diffehng location that can be used as a fonv of identification (e.g. building, department, 
floor)). 

For Claim 4, US '859 teaches: 
The network according to claim 1, wherein the identification is an Internet Protocol 
multicast group identification (see column 2, line 61; where the ID is a multicast/group 
address also referred to as the LAN security feature group address). 

For Claim 5, US '859 teaches: 
The network according to claim 2, further comprising: 

a plurality of network mediums (see column 17, lines 66 - 67)\ and 

at least one router (see Figure 16), each of the management node and the 
plurality of nodes each respectively connected to one of the plurality of network 
mediums in the network, the router disposed intemnediate the plurality of network 
mediums and operable to fonA/ard the security update from the network medium having 
the management node connected thereto to any nodes connected to the remaining 
network mediums and sharing the identification (see column 15, lines 34 - 38). 

For Claim 6, US '859 teaches: 
The network according to claim 5, wherein the router determines whether any of the 
plurality of nodes connected to the remaining network mediums share the identification 
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through implementation of the Internet group management protocol {see column 15, 
lines 30 - 32). 

For Claim 7, US '859 teaches: 
The network according to claim 1 , wherein the network medium is an Ethernet (see 
column 15, lines 50-51). 

For Claim 8, US '859 teaches: 

« 

The network according to claim 1 , further comprising a network-based intrusion 
protection system appliance dedicated to filtering inbound and outbound data frames 
transmitted across the network medium (see column 18, lines 10- 13; where the 
discovery request/response frames act as inbound and outbound frames). 

For Claim 9, US '859 teaches: 
The network according to claim 8, wherein the network-based intrusion protection 
system appliance interfaces with the network medium via a network interface card 
operating in promiscuous mode (see Figure 3 and column 5, line 16). 

For ClaimlO, US '859 teaches: 
The network according to claim 8, wherein the network-based intrusion protection 
system appliance shares the identification (see column 18, lines 1 - 4; where a list is 
maintained). 

Conclusion 

14. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. US Patent 6,304,973 as anticipated by Williams discloses 
drawings and claims that parallel the Applicant's invention. 
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15. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Laurel Lashley whose telephone number is 571-272- 
0693. The examiner can normally be reached on 7:30 am - 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, Jr. can be reached on 571-272-3799. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Infomriation Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Laurel Lashley 



Examiner 
Art Unit 2132 





19 September 2005 



GILBERTO BARRON yn, 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



